Vulnerability Spotlight: Memory corruption in Google PDFium

Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.

Google Chrome's PDFium feature could be exploited by an adversary to corrupt memory and potentially execute remote code. Chrome is a popular, free web browser available on all operating

systems. PDFium allows users to open PDFs inside Chrome. We recently discovered a bug that would allow an adversary to send a malicious web page to a user, and then cause out-of-bounds memory access.

In accordance with our coordinated disclosure policy, Cisco Talos worked with Google to ensure that these issues are resolved and that an update is available for affected customers.

Vulnerability details

Google Chrome PDFium Javascript Active Document Memory Corruption Vulnerability (TALOS-2020-1092/CVE-2020-6513)

A memory corruption vulnerability exists in the way Google Chrome 83.0.4103.61 executes JavaScript inside PDF documents. A specially crafted web page can cause out of bounds memory access. To trigger this vulnerability, the victim must visit a malicious webpage or open a malicious PDF document.

Read the complete vulnerability advisory here for additional information. 

Versions tested

Talos tested and confirmed that Google Chrome, version 83.0.4103.61 is affected by this vulnerability.

Coverage

The following SNORTⓇ rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.

Snort Rules: 54282 - 54283